Abstract

Cyber Security Engineering: A Practical Approach for Systems and Software Assurance brings together comprehensive best practices for building software systems that exhibit superior operational security, and for considering security early and throughout the full lifecycles of both system development and acquisition. Pioneering software assurance experts Dr. Nancy R. Mead and Dr. Carol C. Woody present the latest practical knowledge and case studies, demonstrating strategies and techniques that have been repeatedly proven to reduce operational problems and the need for software patching. Using these methods, any software practitioner or manager can make system and software engineering decisions that are far more likely to achieve appropriate operational results.
Drawing on their pioneering work at the Software Engineering Institute (SEI) and Carnegie Mellon University, the authors introduce seven core principles of software assurance, and demonstrate how to apply them through all four key areas of cybersecurity engineering:

Security and Software Assurance Engineering

Security and Software Assurance Management

Security and Software Assurance Measurement and Analysis

Software Assurance Education and Competencies

For each area, Mead and Woody present key standards, methods, services, tools, and best practices, illuminating these with relevant examples, references to research results, and additional resources. Each area's content is organized to demonstrate how all seven crucial software assurance principles can be addressed coherently and systematically. The authors complement their recommendations with deep insight into why they make sense, and practical guidance on determining whether each action is being performed successfully.